oss-sec mailing list archives

CVE request: Linux kernel: net: oops from tcp_collapse() when using splice(2)


From: P J P <ppandit () redhat com>
Date: Thu, 30 May 2013 00:40:49 +0530 (IST)

   Hello,

A Linux kernel which supports the splice(2) call to move data across file/socket
descriptors via pipe buffers is vulnerable to a kernel crash that occurs
while calling splice(2) over a TCP socket, which in turn calls tcp_read_sock().

A user/program could use this flaw to cause a system crash, resulting in DoS.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/baff42ab1494528907bf4d5870359e31711746ae

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

